Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Goal Achiever: Self-Evolving Agent System
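v1.0.1
A complete skill workflow design for publishing high-quality content on the target platform (goal_web). Used for: reading the task JSON and goal_prompt, decomposing tasks, running the task engine, development and self-checking, and writing back results and scores. Trigger phrases: 修改目标 (modify goal), 赢得目标 (win goal), 触发目标实现 (trigger goal achievement), 触发{网站名称}任务实现 (trigger {website name} task achievement).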
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (automated publishing to a target platform) matches the instructions: the SKILL.md contains a full workflow for task decomposition, development, execution, and automated external publishing. Requiring writing scripts, generating reports, and using an 'openclaw' CLI or browser relay are coherent with the stated purpose. However, the skill implicitly expects system-level capabilities (launchd registration, openclaw CLI, browser attach) that are not declared in the registry metadata (no required env vars or binaries listed).
Instruction Scope
The SKILL.md explicitly instructs the agent to: read/write many local files, write new scripts to scripts/, register/launch system cron/launchd jobs, call openclaw message send, use subprocess/curl for web scraping, and perform DOM/UI automation patterns (execCommand, click) to publish content. It enforces a hard rule to never ask the user for manual intervention and to mark tasks as failed instead — encouraging fully autonomous external actions. These instructions go beyond benign 'advice' and direct potentially high-impact operations (posting to external platforms, installing scheduled tasks).
Install Mechanism
There is no install spec and no code shipped to be executed by default (instruction-only). That lowers immediate supply-chain risk. However, the docs instruct runtime creation of scripts in scripts/ and registration of launchd jobs, which would create persistent executables on disk at runtime — a behavior that increases risk despite the lack of an install step.
Credentials
The skill does not declare required env vars or credentials, yet examples and normative text reference OPENCLAW_BIN, OPENCLAW_PROFILE, MESSAGE_TARGET, and assume browser sessions with valid authenticated tabs. The skill will attempt to invoke external systems (openclaw message send, platform APIs, UI automation) but does not declare or justify any credential requirements in metadata. That mismatch (implicit need for profiles/credentials but none declared) is a proportionality and transparency concern.
Persistence & Privilege
While the skill is not forced-always nor marked to bypass invocation gates, the instructions actively promote creating persistent scheduled jobs (launchd plists) and writing executable scripts into the skill workspace. That grants the skill the ability to persist behavior on the host once run. The metadata doesn't surface or require explicit consent for these persistent actions; the documentation's 'must be fully automated, never ask user' constraint further increases the potential blast radius.
What to consider before installing
This skill is a full, prescriptive design for automating content publishing — it instructs the agent to write scripts, register scheduled jobs (launchd), perform web scraping and UI automation, and send messages via an OpenClaw CLI/profile. Before installing or enabling it, consider:
- It will attempt fully autonomous actions (post content, click UI elements) and insists on never asking you for manual intervention; this can lead to unintended posts if misconfigured.
- The skill expects tools/credentials (openclaw CLI, browser sessions with valid auth, message target/profile) but does not declare required env vars; verify these exist and are intentionally provided.
- It will create files under scripts/ and run persistent jobs (~/Library/LaunchAgents); review any scripts written there and do not load plists unless you have inspected them.
- Test in a safe sandbox or on a throwaway account/instance first; do not point it at your primary accounts until you have verified its behavior.
- Limit agent autonomy: keep user-invocation required where possible, or disable autonomous invocation for this skill if you cannot audit runtime actions.
- If you accept it, monitor the scripts/ directory and scheduled jobs, and ensure openclaw/CLI profiles and message targets are restricted to the minimum necessary.
Given the lack of declared credentials and the aggressive 'no human intervention' rule, proceed only after manual review and testing; the skill is coherent with its purpose but carries material operational and safety risks.
Like a lobster shell, security has layers — review code before you run it.
Tags: agent, evolution, goal-oriented, latest, productivity
